Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 24 Sep 2004 15:50:01 -0000
From:      "f.johan.beisser" <jan@caustic.org>
To:        dwbear75@gmail.com
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: file permission question
Message-ID:  <Pine.BSF.4.21.0110012114320.4143-100000@pogo.caustic.org>
In-Reply-To: <OE726OJi57n6Hj1yNrU00004304@hotmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 1 Oct 2001, default wrote:

> Hi,
> 
> I am allowing a couple of ppl to have a shell account on one of my machines,
> and I am making a few changes to disallow them from using certain things...
> like chmoding the 'ps' command to 550 etc...
> 
> I wanted to ask, is there any reason why one wouldn't want to chmod to 640
> the passwd file and other similar files? ...

the base system is relativly secure on it's own. changing the permissions
on things like the passwd file breaks some programs that need it to read
user information. since the encrypted passwords are in /etc/master.passwd,
(which is permission 0600) you don't really need to change that.

honestly, changing permissions of 'standard' applications and utilities is
not going to stop a determined user on your server from abusing
resources. since having any users, other than yourself, on a machine is
technically a security risk.

your best bet is to meticuously comb through your installed files, and
only allow trusted users on your machines.


 -------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
   "if my thought-dreams could be seen..
       "they'd probably put my head in a gillotine"
	     -- Bob Dylan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0110012114320.4143-100000>